LA Community College District Pays $28K to Retrieve Locked Files

On returning from the holiday break, Los Angeles Valley College found its computer files were inaccessible. It didn’t take long for the college to determine that a malicious cyber attack had taken down its systems. According to The Washington Times, the school notified students the day after the attack was discovered.

The ransomware variant that took down the college’s files has not been disclosed. However, the ransom note left by the hackers stated the school had seven days to pay the ransom or its files would be permanently inaccessible.

Now What?

The Los Angeles Community College District ended up paying the cyber criminals the ransom demand of $28,000 to obtain the decryption key. Now, as we all know, paying the ransom is probably one of the worst things you can do, and there are no promises the decryption key will actually work. However, according to officials, the key provided by the hackers is indeed unlocking the files.

Moving Forward

LA Valley College continues to work on decrypting their locked files, as it is a time-consuming process. No reports have been made about additional measures the district or LA Valley College plan to take moving forward to prevent future attacks.

PC Matic encourages all PC users, both home and business, to implement a security solution that includes application whitelisting. This solution prevents malware, including ransomware, from executing on computers by allowing only applications that have been tested and deemed trusted to run. PC Matic is available for both home and business users, and includes automated application whitelisting technology.

Other Attacks

As the year progresses, we will maintain a list of all public ransomware attacks in 2017. You can access that list here. We have also created a ransomware map (see below) of the ransomware attacks that have taken place in the U.S. this year.

6 thoughts on “LA Community College District Pays $28K to Retrieve Locked Files”

If people kept proper backups, surely ransomware wouldn’t be a problem. If I received a ransomware demand I would simply boot into one of my clones that weren’t connected to my machine at that time. I keep three clones that are only connected to my machine when I’m actually backing up, so they wouldn’t be encrypted.

@Keith: Hello Keith, the short answer is yes. Our whitelist would be able to tell the difference between the legitimate excel and a piece of malware named excel in several ways.

When Microsoft and other software vendors create a file for distribution, they Digitally Sign the file before releasing it. In this example, Microsoft has a special key for their digital signature which allows only them to sign a file as Microsoft. This helps users and security companies see that a file is in fact coming from Microsoft. If that file is altered in any way, the MD5 hash of the file will change, and the Digital Signature will no longer be valid. We can easily see this and would block the file as the new MD5 would not be on our whitelist. Every single file has a unique MD5 hash and if it is changed in any way at all a new MD5 hash will be generated showing that it is a different file now.

In the same way, a new piece of malware with the name excel would have a new MD5 that we have never seen before and would be stopped for being unknown even if it has the name excel.exe. Our research team would then get the sample for analysis and mark it as known bad for being a piece of malware.
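
The hash-lookup part of the reply above can be sketched as a default-deny check. This is an added example, not PC Matic's code and not part of the comment: it uses SHA-256 in place of the MD5 the reply mentions, leaves out signature verification, and its function names, verdict strings and sample file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, chunk_size=65536):
    """Hash file contents in chunks so large executables are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verdict(path, known_good, known_bad):
    """Default-deny decision on content digest only; the file name is never consulted."""
    digest = file_digest(path)
    if digest in known_bad:
        return "block-known-bad"
    if digest in known_good:
        return "allow"
    return "block-unknown"  # unknown files are held for analysis

def demo():
    """Constructed sample: three files, all named excel.exe, with different contents."""
    samples = {
        "vendor": b"MZ constructed stand-in for the vendor binary",
        "tampered": b"MZ constructed stand-in for the vendor binarY",  # one byte changed
        "impostor": b"MZ constructed unrelated program",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for label, content in samples.items():
            folder = Path(tmp) / label
            folder.mkdir()
            paths[label] = folder / "excel.exe"
            paths[label].write_bytes(content)
        known_good, known_bad = {file_digest(paths["vendor"])}, set()
        for label, p in paths.items():
            results[label] = verdict(p, known_good, known_bad)
        # After analysis, the impostor's digest is recorded as known bad.
        known_bad.add(file_digest(paths["impostor"]))
        results["impostor-after-analysis"] = verdict(paths["impostor"], known_good, known_bad)
    return results

if __name__ == "__main__":
    print(demo())
```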